INTRODUCTION, PURPOSE AND RESPONSIBLE OFFICERS
Tyncofex Limited (CL) is an Authorised Electronic Money Institution providing e-commerce and payment services:
- Multicurrency acquiring of VISA, MasterCard, American Express, UnionPay and other card schemes;
- Authorised e-money;
- Merchant payouts;
- Economy multicurrency payments;
- SEPA direct debit.
In particular, it contains the information which all members of staff need to be aware of in order to prevent the business being used to launder the proceeds of crime or terrorist financing.
Tyncofex is aware that APIs have in the past been targets of organised crime seeking to launder the proceeds of illicit activity.
Tyncofex will always seek to disrupt this activity by cooperating fully with the authorities and reporting all suspicious activity to the National Crime Agency (NCA).
Money laundering is generally defined as engaging in acts designed to conceal or disguise the true origins of criminally derived proceeds so that the proceeds appear to have derived from legitimate origins or constitute legitimate assets.
2 RED FLAGS
2.1 Placement Stage
Cash first enters the financial system at the "placement" stage, where the cash generated from criminal activities is converted into monetary instruments.
Typical methods include: converting the cash into money orders or traveller’s cheques and depositing them into accounts at financial institutions; dividing the cash into smaller amounts and making various deposits into one or more accounts at one or more banks; opening several accounts in different names at different institutions; employing or persuading others to deposit funds; purchasing goods such as jewellery, art and other assets with a view to reselling them at a later date; making deposits with the help of employees of the relevant financial institution.
Red flags:
- transactions from multiple accounts for the same receiver;
- transactions from one account to multiple receivers;
- transactions coming from accounts created by auction houses, betting sites or e-wallets providers mainly used by gambling and betting sites;
- transactions from pre-paid credit cards.
2.2 Layering Stage:
At the "layering" stage, the funds are transferred or moved into other accounts or other financial institutions to further separate the money from its criminal origin. Examples include: selling assets or switching to other forms of investment; transferring money to accounts at other financial institutions; wiring funds abroad (often using shell companies); depositing cash in overseas banking systems.
Red Flags:
- Outgoing transactions to countries known as “off-shore” banking countries;
- Customers are using funds from the sale of assets such as a house or jewellery;
- Customers are using the funds for purchases of real estate, buying stakes in companies, or other large assets;
- Incoming/outgoing transactions from private people to a company;
- Funds transferred from prepaid credit cards to bank accounts (it is unusual for the receiver to be more financially included than the remitter).
2.3 Integration Stage:
At the "integration" stage, the funds are reintroduced into the economy and used to purchase legitimate assets or to fund other criminal activities or legitimate businesses, for example - an inheritance, loan payments, asset sales abroad.
Terrorist financing may not involve the proceeds of criminal conduct, but rather an attempt to conceal either the origin of the funds or their intended use, which could be for criminal purposes.
Legitimate sources of funds are a key difference between terrorist financiers and traditional criminal organizations.
In addition to charitable donations, legitimate sources include foreign government sponsors, business ownership and personal employment. Although the motivation differs between traditional money launderers and terrorist financiers, the actual methods used to fund terrorist operations can be the same as or similar to methods used by other criminals to launder funds.
Funding for terrorist attacks does not always require large sums of money and the associated transactions may not be complex.
All members of staff are at risk of committing a criminal offence if they assist in a criminal transaction by missing the warning signs.
3 LEGISLATION
The legislation in the United Kingdom governing money laundering and terrorist financing, and the fight against them, is contained in the following:
- Proceeds of Crime Act 2017 (as amended);
- Act 2000 (as amended by the Anti-terrorism, Crime and Security Act 2001);
- Anti-Money Laundering Act 2018;
- UK Bribery Act 2010;
- Payment Services Regulations 2017;
- Electronic Money Regulations 2011.
In addition, but not limited to these, references, guidance and instruction are given in HM Treasury Sanctions notices and news releases and by the Financial Services Authority.
It is important to note that United Kingdom legislation in respect of money laundering is “all crimes legislation”.
As a company involved in the provision of financial services, both the company itself and our employees must be aware of the offences in case of violation of the legislation. The possible offences for violation are described in Annex 2.
3.1 Roles and responsibilities
3.1.1 Senior Management
Responsible for overall compliance policy of Tyncofex and ensuring adequate resources are provided for the proper training of staff and the implementing of risk systems. This includes computer software to assist in oversight.
Senior management will be sent monthly updates by the MLRO on compliance. They will also receive and consider the annual MLRO report and implement any recommendations made within it.
Assistance may be given to the MLRO in the preparation of the AML manual.
3.1.2 MLRO
Tyncofex has appointed a Money Laundering Reporting Officer/Nominated Officer (MLRO/NO).
The MLRO is responsible for the following:
- To receive disclosures from employees (also known as Suspicious Activity Reports, SARs);
- To decide if disclosures should be passed on to the National Crime Agency (NCA);
- To review all new laws and decide how they impact on the operational process of the company;
- To prepare a written procedures manual and make it available to all staff and other stakeholders;
- To make sure appropriate due diligence is carried out on customers and business partners;
- To receive internal Suspicious Activity Reports (SARs) from staff;
- To keep and review records of all decisions relating to SARs appropriately;
- To ensure that staff receive appropriate training when they join and that they receive regular refresher training on an annual basis or as necessary;
- To monitor business relationships and record reviews and decisions taken;
- To make a decision to immediately terminate the business relationship with a merchant who is found on a sanctions list;
- To make a decision on continuing or terminating trading activity with a particular customer;
- To make sure that all business records are kept for at least five years from the date of the last customer transaction.
3.1.3 Staff
Responsible for considering the AML manual and understanding responsibilities.
Ensure Tyncofex procedures are adhered to and obtain all documentary evidence as outlined within the AML Manual. Ensure that all suspicious circumstances are reported to the MLRO.
3.2 AML risk assessment
As per the Money Laundering Regulations Act 2017, each API must exercise a ‘risk-based approach’ to its customers, products and business practices.
Tyncofex operates a regimented system based upon processes. Our 5-step approach is:
- Identify the money laundering risks that are relevant to our business;
- Carry out periodic risk assessments on various parts of our business, focusing on customer behaviour, delivery channels, patterns, irregularities;
- MLRO to design and put in place effective controls to manage and reduce the impact of the risks;
- MLRO/Compliance to monitor the controls and improve efficiency;
- Maintain records of processes/systems that were checked and why we checked them.
The results of Tyncofex's annual risk assessment should be presented to and approved by the Board of Directors.
As a small sized entity, we review ourselves internally and base our assessment on our chosen business models, our products and services. Tyncofex risk assessment process is described in Annex 3.
3.3 Risk based approach
Our policies are formed using the FATF guidance on the Risk-Based Approach, to which an AEMI should adhere in order to effectively combat Money Laundering and Terrorist Financing. The FATF guidance supports Tyncofex in the development of:
1) A common understanding of what the risk-based approach involves;
2) Outlining the high-level principles involved in applying a risk-based approach;
3) Promoting Tyncofex in the eyes of its partners, as our risk-based approach indicates a good public and private sector practice.
Tyncofex applies due diligence at the start of customer engagement by identifying and verifying the customer's identity on the basis of documents, data or information obtained from a reliable and independent source.
Where there is a beneficial owner who is not the customer, Tyncofex identifies the beneficial owner and takes adequate measures, on a risk-sensitive basis, to verify their identity (including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure).
Tyncofex creates policies and procedures that relate to customer due diligence, ongoing Monitoring, internal reporting and record keeping.
If any suspicions are identified, then these should be raised to the MLRO/NO for further investigation by completing the relevant internal Suspicious Activity Report (SAR) form.
4 CUSTOMER DUE DILIGENCE
The purpose of the Customer Due Diligence (CDD) process is to collect, process, verify and keep information about Tyncofex customers, in order to minimise the possible and potential ML/TF risks.
The main questions, though not the only ones, that need to be asked and understood about a Tyncofex customer are:
- Who is the client?
- What is the geographical location of the client’s:
- residence?
- assets?
- business interests?
- What is the nature of the client’s business interests/occupation?
- What is the commercial rationale for the relationship between the client and the Tyncofex (what is the client seeking to achieve)?
- What is the client’s source of funds?
- What is the client’s source of wealth?
- What has been the historical pattern of the client’s relationship activity with the business, and has it been consistent with what was expected at the outset of the relationship?
- Is the current or proposed activity consistent with the client’s profile and commercial objectives?
Tyncofex is required to perform CDD not only prior to entering the relationship with the customer, but also when the basis of the relationship changes.
This may be where:
- new products or services are entered into;
- a customer carries out an ‘occasional transaction’ worth €15,000 (MLR 2007);
- there are doubts about a customer’s identification information that has been obtained previously;
- it is necessary for existing customers, for example if their circumstances change;
- a change in a customer's employment or other circumstances takes place;
- the stated activity or turnover of a customer entity changes or increases;
- the nature, volume or size of transactions increases;
- money laundering or terrorist financing is suspected;
- the ownership, management, residence etc. has changed;
- constitutes a transfer of funds exceeding € 1000 or equivalent in other currency (MLR 2018) where transfer is at least partially carried out by electronic means on behalf of a payer through a payment service provider, with a view to making funds available to a payee through a payment service provider, irrespective of whether the payer and the payee are the same person and irrespective of whether the payment service provider of the payer and that of the payee are one and the same, including:
- Credit transfer - direct debit transactions denominated in euro within the EU where both the payer’s payment service provider and the payee’s payment service provider are located in the EU or where the sole payment service provider involved in the payment transaction is located in the EU;
- a direct debit - national or cross-border payment service for debiting a payer’s payment account, where a payment transaction is initiated by the payee on the basis of the payer’s consent;
- a money remittance - a payment service where funds are received from a payer, without any payment accounts being created in the name of the payer or the payee, for the sole purpose of transferring a corresponding amount to a payee or to another payment service provider acting on behalf of the payee, and/or where such funds are received on behalf of and made available to the payee whether national or cross border;
- a transfer carried out using a payment card, an electronic money instrument, or a mobile phone, or any other digital or IT prepaid or post-paid device with similar characteristics.
4.1 CDD procedure
For all customers, CDD must be completed prior to entering into the relationship, and the following steps must be completed:
- Perform identification and verification – identify and, where required, verify the identity of the prospective customer and related parties;
- Screen all customers and related parties against the HM Treasury sanctions list, EU list, OFAC SDN list and UN list;
- Screen all customers and related parties to determine if there are any PEPs associated with the customer, using public, trustworthy and open information sources;
- Determine customer risk rating;
- Complete EDD as required by the risk rating (Annex 8. New Customer on-boarding).
4.2 Customer’s minimum information
4.2.1 Private person
- Name, surname;
- Original and current identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a passport, national identification card or alien identification card with date of birth and place of birth;
- Residency address and postal code;
- Officially certified copies of the above documents;
- Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime;
- Positive identity verification by Jumio/staff:
- ID Verification: Verifies that a government-issued ID document (e.g. driver’s license, ID card or passport) is legitimate and authentic.
- Identity Verification: Leverages biometric facial recognition, AI, compliant machine learning, liveness detection, proprietary algorithms and verification experts to authenticate customers’ real-world identity by comparing the picture on a valid government-issued ID with a selfie video.
- Document Verification: Automatically extracts key information, including proof of address from utility bills, credit card statements and bank statements based on pictures taken by a user’s smartphones
- ComplyAdvantage screening result, with person monitoring switched “ON”: the system constantly and automatically monitors the customer in the background (every 24 hours) and raises proactive alerts if a customer ever becomes a potential risk, using a full global database of Sanctions (https://www.treasury.gov, HMT, EU Sanctions), PEPs, Adverse Media, Law Enforcement, regulators’ blacklists, asset freezes and trading suspensions. Data is classified using FATF guidelines to detect risk levels at onboarding and to understand when a client changes risk level – PEP class 1, 2, 3 & 4.
- In addition to the information and documentation provided by or on behalf of the Client and obtained from Third parties (where relevant), the Company has to check the sources below to confirm that the provided information is correct or to establish missing information regarding the Client:
- SDN list. List of specially designated nationals and blocked persons. SDN list is a publication of OFAC which lists individuals and organizations with whom United States citizens and permanent residents are prohibited from doing business;
- Specially Designated Nationals And Blocked Persons List (SDN) Human Readable Lists
- EU sanctions list. Consolidated list, containing the names and identification details of all persons, groups and entities targeted by financial restrictions.
4.2.2 Legal entities
- Company’s name;
- Beneficial owner name;
- Ownership memorandum, article of association etc.;
- Legal and physical address;
- Other relevant documentation such as company’s activity details, expected turnover or expected etc.;
- Officially certified copies of the above documents;
- Expected type and volume of transaction;
- Main counterparties and countries;
- During manual check some key data like Business Customer/Merchant name, directors' names, URL address and related phones, emails and addresses should be checked along with phrases that may occur in regard to the business model (i.e. crime, scam, review) to narrow search results to the results really interesting in terms of international investigation (i.e. if merchant's director is a felon or a convict or known fraudster);
- Disclaimer/questionnaire for the origin of funds not being derived from the proceeds of crime;
- Positive Jumio/staff identity verification;
- Complyadvantage screening result;
- G2 web services scoring result.
4.2.3 Website compliance check
- Tyncofex Limited checks Business Customer/Merchant websites for compliance with the following requirements. Every website that is about to be used for e-commerce processing must comply with the specific requirements set by the card schemes (Visa/MC):
- Clear posting of the Refund and Return Policy;
- Clear Privacy Policy;
- Clear statement on website regarding security controls used to protect customers;
- Clear posting of the Terms and Conditions;
- Clear posting of the customer service telephone number and email address;
- Clear posting of delivery methods and delivery times (if applicable);
- Clear posting of the company legal name and corporate address;
- Clear posting of the billing descriptor on the payment page;
- Card Schemes logos visible on the payment page.
4.2.4 Non face-to-face customers
Non face-to-face customers present an inherent risk of impersonation fraud which Tyncofex must take account of in framing our internal policies and procedures.
The Money Laundering Regulation 2018 requires that we apply enhanced due diligence (EDD) measures, on a risk-sensitive basis, when Tyncofex doesn’t physically meet its customers.
Therefore, Tyncofex must apply additional verification checks to mitigate the risk of impersonation fraud. These checks may include:
- Requiring additional documents, data or information to verify the customer’s identity;
- Applying supplementary measures to verify the documents supplied;
- Requiring the first transaction to be carried out through an account in the customer’s name with a UK or EU regulated bank or one from a comparable jurisdiction;
- Telephone contact with the customer at a home or business number which has already been verified, using it to verify additional aspects of personal identity information provided during the application process;
- Communicating with the customer at an address which has already been verified, for example by letter.
While the documents obtained and seen may be similar to those required in normal ‘individual circumstances’ it is important to try and obtain some independent corroboration, which may include having them certified by other banks, lawyers, accountants, diplomatic missions.
4.3 Customers risk categorization and statuses
Using a risk-based approach, Tyncofex categorises the risks posed by clients on the following basis:
- geographic area of operation;
- product;
- customer;
- delivery channel.
Clients of Tyncofex will be classified according to their risk level:
- Low Risk;
- Medium Risk;
- High Risk.
In determining a risk assessment for a customer, the presence of one factor that might indicate higher risk does not automatically establish that a customer is higher risk.
Equally, the presence of one lower-risk factor should not automatically lead to a determination that a customer is lower risk.
The following is a non-exhaustive list of factors and types of evidence of potentially low risk:
Customer risk factors:
- public companies listed on a stock exchange and subject to disclosure requirements (either by stock exchange rules or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership;
- public administrations or enterprises;
- customers that are resident in geographical areas of lower risk;
- certain other regulated firms in the financial sector in ‘equivalent jurisdictions’ (those jurisdictions providing a level of regulation equivalent to EU/UK standards and relevant for inclusion as a mitigating factor);
- independent legal professionals;
- UK/EU public authorities;
- community institutions;
- certain life assurance;
- certain pension funds;
- certain low risk products;
- child trust funds.
Product, service, transaction or delivery channel risk factors:
- life insurance policies for which the premium is low;
- insurance policies for pension schemes if there is no early surrender option and the policy cannot be used as collateral;
- a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member's interest under the scheme;
- financial products or services that provide appropriately defined and limited services to certain types of customers, so as to increase access for financial inclusion purposes;
- products where the risks of money laundering and terrorist financing are managed by other factors such as purse limits or transparency of ownership (e.g. certain types of electronic money).
Geographical risk factors:
- EU member states;
- third countries having effective AML/CFT systems;
- third countries identified by credible sources as having a low level of corruption or other criminal activity;
- third countries which, on the basis of credible sources such as mutual evaluations, detailed assessment reports or published follow-up reports, have requirements to combat money laundering and terrorist financing consistent with the revised FATF Recommendations and effectively implement those requirements.
4.4 Enhanced due diligence
Tyncofex’s Enhanced Due Diligence (EDD) policy is designed to obtain as much information as possible in order to ensure the validity of the transaction and that Tyncofex complies with ML Regulation (2017), POCA (2002), Terrorism Act (2000) and the EU Money Laundering Directives.
In practical terms, EDD will include analysis of:
- taking reasonable measures to establish a customer’s source of wealth – source of wealth is distinct from source of funds, and describes the activities that have generated the total net worth of a person, i.e. those activities that have generated a customer’s income and property;
- considering whether it is appropriate to take measures to verify source of funds and wealth from either the customer or independent sources (such as the Internet, public or commercially available databases);
- obtaining further CDD information (identification information and relationship information);
- taking additional steps to verify the CDD information obtained;
- commissioning due diligence reports from independent experts to confirm the veracity of CDD information held;
- requiring more frequent reviews of business relationships (twice per year);
- carrying out stricter monitoring of transactions and setting lower transaction thresholds for transactions connected with the business relationship, and
- setting alert thresholds for automated monitoring at a lower threshold for PEPs.
The degree of EDD must be determined by MLRO on a case-by-case basis.
4.4.1 High risk factors
Customers to whom one or more of the risk factors listed below apply are rated as High Risk.
Customer risk factors:
- the business relationship is conducted in unusual circumstances;
- High cash turnover businesses: casinos, bars, clubs, taxi firms, launderettes, takeaway restaurants;
- Money service businesses: cheque encashment agencies, bureaux de change, money transmitters;
- Gaming and gambling businesses;
- Computer/high technology/telecom/mobile phone sales and distribution, noting especially the high propensity of this sector to VAT ‘Carousel’ fraud;
- Companies registered in one offshore jurisdiction as a non-resident company with no local operations, but managed out of another, or where beneficial owners with significant interests in the company are resident in a high-risk jurisdiction;
- Unregistered charities based or headquartered outside the UK, ‘foundations’, cultural associations and the like, particularly if centred on certain target groups, including specific ethnic communities, whether based in or outside the UK (see FATF Typologies Report 2003/4 under ‘Non-profit organisations’ – at www.fatf-gafi.org );
- customers that are resident in geographical areas of high risk;
- companies that have nominee shareholders or shares in bearer form;
- companies that are registered in a high-risk jurisdiction;
- the ownership structure of the company appears unusual or excessively complex given the nature of the company's business;
- the customer is a lawyer, an accountant or an estate agent, or works in/operates a casino;
- PEPs.
Product, service, transaction or delivery channel risk factors:
- private banking;
- products or transactions that might favour anonymity;
- transactions, without certain safeguards, such as electronic signatures;
- payment received from unknown or un-associated third parties;
- new products and new business practices, including new delivery mechanism, and
- the use of new or developing technologies for both new and pre-existing products;
Geographical risk factors:
- countries providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country;
- countries subject to sanctions, embargos or similar measures issued by, for example, the European Union or the United Nations;
- countries identified by credible sources as having significant levels of corruption or other criminal activity;
- countries identified by credible sources, such as mutual evaluations, detailed assessment reports or published follow-up reports, as not having effective AML/CTF systems;
To ease geographical risk determination for a given country, the internet source http://www.knowyourcountry.com will be used.
The determination of the risk level will be the responsibility of the MLRO/NO or person nominated.
4.5 Subjects of EDD
For some particular customers, products or transactions in the case of higher risk situations enhanced due diligence (EDD) measures must be applied on a risk sensitive basis:
- When a potential or existing customer is identified as a PEP’s close relative;
- Non-face-to-face customers;
- Customers rated as High Risk;
- When establishing a correspondent banking relationship with an institution in a non-EEA country;
- Customers who make transmissions to jurisdictions which may be a risk and/or are more likely to receive funds through a financial corridor, even if they are not listed on the FATF website. This applies especially where the transaction is large and/or claimed to be for a charitable purpose.
All high risk, PEP’s close relatives and “non face-to-face” client accounts will only be opened on the approval of the MLRO.
4.6 Provision of Exemptions
An exemption may be granted if documents are not available and other reliable substitutes can be used. The MLRO may only grant an exemption where it is clearly required, or where practical experience reveals that it is necessary to do so.
All exemptions will be considered on a case by case basis.
Tyncofex has adopted a risk-based approach to achieving its regulatory objectives and exemptions should not be considered as a way to avoid meeting our regulatory obligations.
Careful consideration will be given to issues of transparency, equity and competitive neutrality in issuing exemptions. MLRO will assess the potential implications of applying an exemption and aims to adopt a consistent approach, taking account of the facts and circumstances particular to each case.
Request for Exemptions from standard Customer Identification Process requirements may be received from AML and Risk department in circumstances where, taking account of the CDD which has been obtained, MLRO is satisfied that the ML/TF risk has been adequately addressed.
AML and Risk department must use the "E-mail Exemption Request" when requesting an exemption from the Customer Identification Process. The completed e-mail must be sent to MLRO and must be approved by return of e-mail by MLRO before any exemption can be provided.
5 SANCTION SCREENING REQUIREMENTS
Taking into account the cross-border business of Tyncofex Limited, the company very carefully carries out customer CDD, EDD, ongoing transaction monitoring and other activities to prevent possible violations of ML/TF and other limitations/restrictions.
If any Sanction/Limitation/Restriction is determined, Tyncofex immediately terminates any relationship with the customer and submits a SAR to the UK FIU within no longer than 24 hours.
Tyncofex will use the automated screening programs ComplyAdvantage and G2 web services, with ‘fuzzy matching’ logic calibrated in accordance with Tyncofex's risk level. Once the integrated screening lists (including the OFAC SDN list) are updated within the program, screening will be performed using the most recent lists immediately, and in any case not later than 1 week after the screening lists are updated.
5.1 Parties to be screened
- New/prospective customers including all related parties (directors, beneficial owners etc.) prior to activation of the account, and at a minimum before funds can be paid/withdrawn;
- Existing customers including all related parties (directors, beneficial owners etc.) on a weekly basis;
- All parties to cross-border inbound and outbound payments on a real-time basis before funds are released:
- The following parties and payments information must be screened:
- Remitter;
- Beneficiary;
- Remitter’s bank;
- Beneficiary’s bank;
- Ordering bank;
- Intermediaries/correspondents;
- All countries involved;
- Currency;
- Free text fields.
- Employees, suppliers and third parties: prior to establishing the relationship and twice a year thereafter.
5.2 Matching standards and investigation
Potential match investigation must include techniques that make it possible to compare names, addresses, strings and partial strings, business names, spelling errors, postal codes, tax ID numbers, data that sounds similar (such as “John” and “Jon”) and more.
ComplyAdvantage has an algorithm in place to determine issues related to spelling and misnaming.
5.2.1 Direct Match or Exact Match
A matching relationship between the two records is direct when these two records are a match by the underlying rule:
Payment String | Sanction Target | Matching Decision |
David Carlos | David Carlos | Match |
Osama Bin Laden | Osama Bin Laden | Match |
Fidel Castro | Fidel Castro | Match |
5.2.2 Indirect Match
A matching relationship between two records is indirect when they do not match each other; however, each of these records may match a third record.
Payment String | Sanction Target | Matching Decision |
David Carlos | Not on the list | Not a match |
John Peter | Not on the list | Not a match |
David Peter | David Peter | Match to Sanction List |
5.2.3 Partial Match
Possible matches when customer information is the same or similar to the watch list entity information. Two records show this type of relationship (very common in real life) when some (not all) elements of the first record match to some (not all) elements of the second record. A typical example will be the records corresponding to father and son living at the same address where many elements such as the last name, address and residence phone number might be matching, but the first name (and probably the middle name), mobile numbers, e-mail addresses and other such fields will not match. Extended families usually share a common last name.
Additional information such as address, identification number, gender, height and age are needed to help determine the true match through further investigation.
Payment String | Sanction Target | Matching Decision |
John Paul Castro | John Peter Castro | Partial Match — Paul ≠ Peter |
David Jol Chung | Daniel Jol Chung | Partial Match — David ≠ Daniel |
John Longman | Emily Longman | Partial Match — John ≠ Emily |
5.2.4 Fuzzy Matching
Determination of the similarity between elements of data such as business name, personal name or address information.
The fuzzy logic feature allows the algorithm to detect and evaluate near matches rather than require exact matching.
Depending on the algorithm, it may consider alternate nicknames, such as “Mike” or “Mickey.” Names (person, place or entity) would be easy to match if they were consistent; however, launderers use different techniques to bypass filter detection.
Sanction Target | Payment String | Matching Decision |
Peter | Petr | Match through fuzzy logic |
Qadir | Kadar | Match through fuzzy logic |
Rahim | Raheem | Match through fuzzy logic |
5.2.5 Phonetic Matching
A phonetic algorithm matches two different words with similar pronunciation to the same code, which allows phonetic similarity-based word set comparison and indexing.
There are words that have different spellings but similar pronunciation and should be matched, such as Sofia and Sophia/Reynold and Renauld, etc.
Sanction Target | Payment String | Matching Decision |
Sofia | Sophia | Fuzzy Logic |
Reynolds | Renaults | Fuzzy Logic |
Smith | Smyth | Fuzzy Logic |
This table highlights various name variations.
Misspelling in names | Mike Jackson, Michael Jakson, Michael Jaxon, Mike Jaxson, Michael Jakson |
Phonetic spelling differences | Michel, Michal, Miguel |
Nicknames | Mike, Mick, Mikey |
Initials | M J Jackson, Michael Joseph Jackson |
Titles | Dr., Mr. |
Missing name components | Michael Joseph Jackson, Michael Jackson |
Out-of-order name components | Joseph Jackson, Michael, Michael Joseph Jackson |
Omission of letters | Jackson for Jacson |
Interchanging of vowels | Hussein for Hussien |
Doubling of consonants | Mohamed for Mohammed |
Cultural variations | William for Bill, Alexander for Alexi |
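The match categories of sections 5.2.1 to 5.2.5, worked through as an added Python example; it is not part of the original procedure and is not ComplyAdvantage's algorithm. The 0.8 similarity threshold, the title list, the extra "reordered" label and the simplified phonetic key are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher

TITLES = {"dr", "mr", "mrs", "ms"}  # assumed title list
RANK = ["exact", "fuzzy", "phonetic"]  # strongest evidence first
CLASSES = {c: d for d, group in enumerate(
    ["", "bfpv", "cgjkqsxz", "dt", "l", "mn", "r"]) for c in group}

def tokens(name):
    """Lowercase, drop punctuation and titles, split into ASCII components."""
    return [w for w in re.findall(r"[a-z]+", name.lower()) if w not in TITLES]

def phonetic_key(word):
    """Soundex-style consonant classes, simplified: the first letter is
    encoded as a class too (so Q and K collide). Not standard Soundex."""
    key, prev = "", None
    for ch in word:
        code = CLASSES.get(ch)
        if code and code != prev:
            key += str(code)
        if ch not in "hw":  # h and w do not separate repeated classes
            prev = code
    return key

def compare(a, b, threshold=0.8):
    """Classify one name component against another, or return None."""
    if a == b:
        return "exact"
    if SequenceMatcher(None, a, b).ratio() >= threshold:
        return "fuzzy"
    key = phonetic_key(a)
    return "phonetic" if key and key == phonetic_key(b) else None

def screen(payment, target):
    """Return direct, reordered, fuzzy, phonetic, partial or none."""
    p, t = tokens(payment), tokens(target)
    if not p or not t:
        return "none"
    if p == t:
        return "direct"
    if sorted(p) == sorted(t):
        return "reordered"
    best = []
    for tok in p:
        kinds = [k for k in (compare(tok, u) for u in t) if k]
        best.append(min(kinds, key=RANK.index) if kinds else None)
    if not any(best):
        return "none"
    if None in best or len(p) != len(t) or set(best) == {"exact"}:
        return "partial"
    return max(best, key=RANK.index)
```

Every result other than "none" is a potential match for investigation under 5.3, not a confirmed hit; a short phonetic key collides easily, so additional data such as address or identification number is still needed.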
5.3 Investigation timing of potential matches
All potential matches must be investigated within 24 hours of being generated.
Real-time potential matches for customers and payments must be investigated immediately and a decision made prior to funds being released.
5.4 Identification of positive match
If a positive match is discovered, the responsible employee must inform the MLRO immediately.
The MLRO must investigate the information received and, if the match is positive, inform the responsible employee, who must block the customer in the operational system until consent is given to proceed or refuse.
The MLRO makes a disclosure to the relevant instance (see point 9 of the Procedure).
5.5 Sanction Monitoring
When a search is made using the ComplyAdvantage AML solution, the customer is automatically added to a sanction watch list. If a customer is added to any sanction list, a notification will be sent to the MLRO and the compliance department. For more details, please see the ComplyAdvantage Compliance Data Overview file.
6 PROHIBITION ON CUSTOMER RELATIONSHIP/ACCOUNT
Tyncofex, in considering money laundering risks, regulations and guidance, has decided that certain types of relationship are unacceptable:
- shell banks;
- individuals or entities that are on relevant sanctions lists issued by countries in compliance with UN resolutions or to which countries have applied sanctions unilaterally (UK, US and others);
- individuals or entities whose identity cannot be verified or who refuse to provide information required to verify identity or required for account opening purposes; or who have provided information that contains inconsistencies that cannot be resolved after further investigation;
- Where there is suspicion or evidence of fraud, money laundering or other criminal activity or involvement;
- If falsified documentation or information is detected during the account opening/relationship establishment process;
- Individuals, entities and organizations sanctioned by UN, EU, HM Treasury list or OFAC;
- An account using a pseudonym or number rather than the actual name of the customer;
- Anonymous ownership entity accounts, where the ownership of the entity cannot be determined because the entity has a form or structure that prevents accurate identification of the Beneficial Owners;
- Unlicensed financial institutions, including unlicensed currency exchange houses and money transmitters;
- Persons involved in unlawful internet gaming business;
- Customers (merchants) whose business Merchant Category Code (MCC) is included in the International Card Organisations' prohibition list.
7 REPORTING PROCEDURE
Suspicion - a degree of satisfaction beyond mere speculation, which is based on some foundation, but which does not necessarily amount to belief.
The International Compliance Association has described “suspicion” as being the third stage after “comfort” and “concern”.
Tyncofex employees could face prosecution if it is proven that no report was made to our own MLRO even though the employee had reasonable grounds for suspicion.
Some RED FLAGS of possible suspicion are listed in Attachment 9.
From the moment a suspicion of money laundering arises no further work will be carried out on the matter that gave rise to the suspicion. Neither commercial considerations nor the difficulty in responding to the client’s enquiries on the matter shall be permitted to take precedence over Tyncofex’s legal obligations in this regard.
In such circumstances the MLRO shall act with all possible speed to enable work to continue, and assist staff in any communications with the client affected.
As soon as a member of staff forms or becomes aware of a suspicion of money laundering, no further work is to be done on the matter giving rise to suspicion. If there is any likelihood of the client becoming aware that work has stopped, for example because an anticipated transaction has not gone through, the member of staff concerned must contact the MLRO for instructions on how to handle the matter with the client.
On receipt of a suspicion report (form enclosed with this report), the MLRO shall:
- instruct the originator of the report and any other staff involved to cease work on the matter giving rise to suspicion;
- decide in the shortest possible time whether all work for the client concerned should be stopped, or whether other work that is not the cause of suspicion may continue, and advise relevant staff accordingly;
- assist all affected staff in handling the matter with the client so that no tipping off offence is committed;
- When work for a client has been stopped, the MLRO shall carry out the evaluation of the suspicion report as quickly as possible to decide whether a disclosure must be made to the authorities;
- If the MLRO decides that there are not reasonable grounds to suspect money laundering, he will give consent for work to continue on his own authority;
- If the MLRO decides that a disclosure must be made, he will request consent to continue from NCA as quickly as possible;
- On giving consent to continue, either on his own authority or on receipt of notice of consent or implied consent from NCA, the MLRO will confirm this in writing to affected staff;
- If consent is refused by NCA, the MLRO will take advice from NCA and consult with the responsible MLRO/NO of Tyncofex on continuation of or withdrawal from the client relationship.
It is important that all employees and management are properly trained and remain vigilant of potential money laundering.
The report should be made as soon as reasonably possible – this should normally be within the first 24 hours after discovery.
8 CUSTOMERS ACTIVITY MONITORING
Tyncofex is required to monitor business relationships and to apply scrutiny of unusual, complex or high-risk transactions or activity so that money laundering or terrorist financing may be identified or prevented.
An unusual and suspicious transaction or activity may be in a form that is inconsistent with the expected pattern of activity within a particular business relationship, or with the normal business activities for the type of product or service offered. This may indicate money laundering, terrorist financing activity or fraudulent activity, where the transaction or activity has no apparent economic or visible lawful purpose.
Monitoring of a client’s transactions and activity is carried out on a risk-based method, with high-risk clients being subjected to additional and more frequent screening and observation. Transaction and activity monitoring must be undertaken throughout the course of the relationship held with the client to ensure that the transactions and activity being conducted are consistent with the client’s KYC, their business, source of funds and source of wealth.
The monitoring of complex, unusual and large transactions or unusual patterns of transactions must be examined and recorded in writing.
Possible characteristics to monitor could be changes of:
- the nature and type of a transaction;
- the frequency and nature of a series or pattern of transactions;
- the amount of any transactions, paying particular attention to particularly large transactions;
- the geographical origin/destination of a payment or receipt;
- the parties concerned with a view to ensuring that there are no payments to or from a person on a sanctions list;
- the customer's normal activity or turnover;
- the customer-merchant's accepted average ticket amount, where it has increased by 50% (the average ticket amount for each merchant is stated in the e-merchant questionnaire).
Where the basis of the relationship changes significantly, Tyncofex must carry out further Customer activity monitoring procedures to ensure that the revised risk and basis of the relationship is fully understood.
Ongoing monitoring procedures must take account of these changes.
Tyncofex must ensure that any updated information obtained through meetings, discussions, or other methods of communication with the customer is recorded and retained with the customer's records. That information must be available to the MLRO.
Ongoing monitoring of a customer's activities will allow Tyncofex to continue to build a profile of the customer and will entail the ongoing collection of CDD information.
Ongoing monitoring for each merchant includes monitoring of every cardholder by ComplyAdvantage.
As part of our ongoing monitoring requirements, the following review periods shall be applied to customers:
- High Risk Customers: twice a year
- Medium and low Risk customers: Once a year
9 STAFF TRAINING
One of Tyncofex’s key controls in mitigating the threat of being used for money laundering is having staff that are aware of and alert to the threat. All staff, whether on a full-time, part-time or contract basis, are made aware of our anti-money laundering policy, manual and the obligations arising from them for both themselves and Tyncofex. Tyncofex provides training on anti-money laundering.
This training comprises two key elements:
- Induction Training - The MLRO/NO is responsible for identifying relevant new staff that are required to undertake induction training within 45 days after requirement. The training is provided by the MLRO or the MLRO will engage external AML Advisors and is face to face training. The content of the training includes awareness training, covering Money Laundering and Terrorist Financing.
Understanding of the subject matter is assessed throughout the training through case studies. Until a new member of staff has been signed off as competent no direct customer contact is allowed.
- Refresher Training - all relevant staff must undertake face to face refresher training on an annual basis. The training is provided by the MLRO or the MLRO will engage AML Advisors and assessment of staff understanding is carried out throughout the training.
Tyncofex will obtain acknowledgement from staff that they have received the necessary training by requesting staff to sign their attendance at training sessions. Overall monitoring of attendance is recorded manually and stored on the AML file. A certificate will be provided to each participant on successful completion.
10 RECORD KEEPING
10.1 CDD and transaction records
We will store records of all transactions, identification, and all merchant-related documents for 5 years from the conclusion of the transaction on behalf of our customers or the end of the relationship.
The records we must keep are:
- Copies of or references to the evidence of the customers ID obtained under our CDD requirements; and
- The supporting evidence and records in respect of the business relationships and occasional transactions, which are subject of CDD or ongoing monitoring.
All records of CDD documentation are scanned and uploaded into our operational system, linked to the customer's unique reference number.
10.2 Internal and External SAR records
As previously indicated, all internal reports will be kept on the SAR file as opposed to the customer file. The report will be kept for 5 (five) years.
In addition to this, all SARs submitted, including correspondence with FCA or HMRC, will be kept for an unlimited period of time.
10.3 Training records
The company maintains records of all AML training undertaken by staff, the date it was provided and the results of any tests if applicable. These records will be kept for 5 (five) years following the end of employment with the company.
10.4 Audit results
All audit results must be kept for 5 (five) years following the date of the Board of Directors approval of them.
11 AML PROGRAM AUDIT AND TESTING
To provide reasonable assurance that Tyncofex AML program is functioning effectively, Tyncofex conducts an audit of its AML program.
The audit is conducted on a regular basis: at least every 12-18 months if the ML Risk assessment results are rated as moderate, high or severe, and every 18-24 months if the results are rated as low or intermediate.
The main actions of audit will cover:
- Examination of AML processes compliance with applicable Law and regulation;
- Customers files review;
- Incoming/outgoing transactions review;
- Examination of representative documents to determine whether customer identification and verification procedures are being followed;
- whether CDD and EDD are being properly applied;
- whether suspicious activity is being properly alerted, investigated, escalated and reported;
- Whether severance of a customer relationship.
- Process for including merchants in International Card Organizations' black lists (VMAS/MATCH);
- Reporting process to International Card Organizations;
- whether complaints process was initiated by the customer etc.
External audit should be performed by an authorized, licensed company.
The audit results must be reported and an appropriate action plan must be established and presented directly to the Board of Directors.